On Sat, Aug 2, 2008 at 7:19 AM, Thorsten Leemhuis <[EMAIL PROTECTED]> wrote: > Hi all! > > The maintainer of the package "trousers" asked the epel-signers to pull that > package from the EPEL repos as it's in EL since 5.2 now. I would have simply > done it, but it turned out that the EVR in EPEL is higher then the one in > EL: > > $ sudo yum list trousers > trousers.x86_64 0.3.1-5.el5 epel > trousers.i386 0.3.1-5.el5 epel > $ sudo yum list trousers --disablerepo=epel > trousers.i386 0.3.1-4.el5 rhel-x86_64-serv > trousers.x86_64 0.3.1-4.el5 rhel-x86_64-serv > > So what do do? I tend a bit to say "remove it as long as the RHEL maintainer > promises to ship the next updates with a release of '6' or higher". But that > has downsides as well :-/ . > > Comments?
The "naked" truth is -- I've asked the same question a while ago and nobody answered me. I maintain "python-setuptools" in EPEL, and it was included in RHEL5.2 -- also with a lower version. Honestly, there is no good solution to this, as removing the package from EPEL won't do much for those who already have it installed. This actually have bad security repercussions -- if EPEL used to provide foo-1.2 and RHEL5.2 ships with foo-1.1, then if there is a security issue with both of them, RH will likely backport it to foo-1.1 and thus everyone who had it installed from EPEL will remain vulnerable. The *only* viable solution for when packages are pulled in from EPEL to RHEL proper is to either pull them in at the same version as EPEL, or to inflate the epoch for the package in RHEL so it always obsoletes EPEL (though this can also be tricky, as downgrading foo-1.2 to foo-1.1 can has undesired side-effects). This is a policy decision that needs to be worked out between EPEL and RHEL -- preferably ASAP. Regards, -- Konstantin Ryabitsev Montréal, Québec _______________________________________________ epel-devel-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/epel-devel-list
